From 485aeb9a67c3b9c9db63e36bb12529d92b22795f Mon Sep 17 00:00:00 2001 From: sluetze <13255307+sluetze@users.noreply.github.com> Date: Mon, 14 Oct 2024 15:27:04 +0000 Subject: [PATCH] add permission for kataconfig --- .../compliance-operator.clusterserviceversion.yaml | 7 +++++++ .../bases/compliance-operator.clusterserviceversion.yaml | 7 +++++++ config/rbac/api_resource_collector_cluster_role.yaml | 8 ++++++++ 3 files changed, 22 insertions(+) diff --git a/bundle/manifests/compliance-operator.clusterserviceversion.yaml b/bundle/manifests/compliance-operator.clusterserviceversion.yaml index bae92752b..8f4f30aa1 100644 --- a/bundle/manifests/compliance-operator.clusterserviceversion.yaml +++ b/bundle/manifests/compliance-operator.clusterserviceversion.yaml @@ -1098,6 +1098,13 @@ spec: verbs: - get - list + - apiGroups: + - kataconfiguration.openshift.io + resources: + - kataconfigs + verbs: + - list + - get serviceAccountName: api-resource-collector - rules: - apiGroups: diff --git a/config/manifests/bases/compliance-operator.clusterserviceversion.yaml b/config/manifests/bases/compliance-operator.clusterserviceversion.yaml index 73d6a03ce..23f863e15 100644 --- a/config/manifests/bases/compliance-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/compliance-operator.clusterserviceversion.yaml @@ -1176,6 +1176,13 @@ spec: - get - list - watch + - apiGroups: + - kataconfiguration.openshift.io + resources: + - kataconfigs + verbs: + - list + - get serviceAccountName: api-resource-collector - rules: - apiGroups: diff --git a/config/rbac/api_resource_collector_cluster_role.yaml b/config/rbac/api_resource_collector_cluster_role.yaml index abf361390..00de07c6d 100644 --- a/config/rbac/api_resource_collector_cluster_role.yaml +++ b/config/rbac/api_resource_collector_cluster_role.yaml @@ -867,3 +867,11 @@ rules: verbs: - get - list + # Necessary to check for sandboxed-containers config for BSI requirements + - apiGroups: + - kataconfiguration.openshift.io + verbs: + - list + - get + resources: + - kataconfigs